Stride-Based Cybersecurity Risk Modeling of Dimse Dicom Connections to the Treatment Planning System
Abstract
Purpose
Radiation therapy treatment planning systems (TPS) rely on multiple DICOM DIMSE connections to exchange imaging, structure, plan, and dose data with upstream and downstream clinical systems. While standards exist for secure DICOM communication, there remains limited implementation-specific guidance for evaluating cybersecurity risks across these connections in real clinical workflows. This work applies structured threat modeling to characterize cybersecurity risks associated with DIMSE DICOM data flows connected to the TPS.
Methods
The RT Systems Engineering Council conducted a multi-institutional, multi-vendor STRIDE-based threat modeling effort focused on DIMSE DICOM connections involving the treatment planning system. Over three months, subject-matter experts from vendor and clinical backgrounds systematically decomposed TPS-related DICOM workflows into functional connection types (e.g., simulator-to-TPS, PACS-to-TPS, TPS-to-treatment delivery, and TPS-to-auxiliary systems). For each connection, threats were identified across STRIDE categories and scored using a TG-100–inspired framework incorporating occurrence, severity, and detectability. Worst-case scenarios and realistic attack vectors were documented, along with candidate mitigation strategies compatible with current clinical environments.
Results
Risk profiles varied substantially across DIMSE connections. TPS-to-treatment delivery pathways demonstrated the highest combined risk due to high severity and limited detectability of tampering or spoofing events. Image ingestion pathways showed elevated risk for data corruption and information disclosure, while downstream QA and auxiliary workflows primarily presented operational disruption risks. Common vulnerabilities included lack of authentication, limited transport encryption, and insufficient transfer verification.
Conclusion
STRIDE-based modeling provides a practical, workflow-grounded approach for prioritizing cybersecurity risks in DIMSE DICOM-based radiation therapy systems. This analysis highlights where engineering controls can most effectively reduce patient safety and operational risk and establishes a foundation for implementation-focused guidance and reference solutions for vendors and clinics.